Beginner Basics • Website is not reachable but pingable from customer network

# mar/19/2024 15:07:13 by RouterOS 6.48.4# software id = **ELIDED**## model = RB3011UiAS# serial number = **ELIDED**/interface bridgeadd admin-mac=**ELIDED** auto-mac=no comment=\    "Lokalni sit  eth2->eth10+stp1" name=bridge-LAN/interface ethernetset [ find default-name=ether1 ] comment="Privod od T-mobile" name=ether1-WAN/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge-LAN name=defconf/snmp communityadd addresses=**ELIDED** name=arit/user groupadd name=backup policy="ssh,ftp,read,sensitive,!local,!telnet,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!api,!romon,!dude,!tikapp"/interface bridge portadd bridge=bridge-LAN comment=defconf interface=ether2add bridge=bridge-LAN comment=defconf interface=ether3add bridge=bridge-LAN comment=defconf interface=ether4add bridge=bridge-LAN comment=defconf interface=ether5add bridge=bridge-LAN comment=defconf interface=ether6add bridge=bridge-LAN comment=defconf interface=ether7add bridge=bridge-LAN comment=defconf interface=ether8add bridge=bridge-LAN comment=defconf interface=ether9add bridge=bridge-LAN comment=defconf interface=ether10add bridge=bridge-LAN comment=defconf interface=sfp1/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge-LAN list=LANadd comment=defconf interface=ether1-WAN list=WAN/ip addressadd address=192.168.88.1/24 comment=Servisni-subnet interface=bridge-LAN \    network=192.168.88.0add address=89.24.124.234/24 comment="Staticka od T-Mobile" interface=\    ether1-WAN network=89.24.124.0add address=192.168.2.254/24 comment="Lokalni rozsah" interface=bridge-LAN \    network=192.168.2.0add address=192.168.3.254/24 comment="Guests rozsah" interface=bridge-LAN \    network=192.168.3.0/ip dhcp-clientadd comment=defconf disabled=no interface=ether1-WAN/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf gateway=192.168.88.1/ip dnsset allow-remote-requests=yes servers=8.8.8.8,8.8.4.4/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall address-listadd address=62.168.51.253 list=aritadd address=62.168.51.250 list=aritadd address=84.42.204.102 comment=mk list=aritadd address=193.165.167.74 list="IIS Tabor"/ip firewall filteradd action=accept chain=input comment=\    "defconf: accept established,related,untracked" connection-state=\    established,related,untrackedadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=Winbox,SSH dst-port=8291,1313,23 \    protocol=tcp src-address-list=aritadd action=accept chain=input comment=Winbox,SSH dst-port=161 protocol=udp \    src-address-list=aritadd action=accept chain=input in-interface=bridge-LANadd action=drop chain=input comment="defconf: drop invalid" connection-state=\    invalidadd action=drop chain=input comment="defconf: drop all not coming from LAN" \    in-interface-list=!LANadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \    connection-state=established,relatedadd action=accept chain=forward comment=\    "defconf: accept established,related, untracked" connection-state=\    established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \    connection-state=invalidadd action=accept chain=forward comment="Allow LAN" in-interface=bridge-LANadd action=accept chain=forward comment="rekolin NAGIOS, SSH" dst-address=\    192.168.2.251 dst-port=5666,1300 protocol=tcpadd action=accept chain=forward comment="rekoad RDP - 3390" dst-address=\    192.168.2.252 dst-port=3389 log=yes log-prefix=_3390f protocol=tcpadd action=accept chain=forward comment="rekoad NAGIOS - 5667" dst-address=\    192.168.2.252 dst-port=5666 protocol=tcpadd action=accept chain=forward comment="rekois NAGIOS - 5668" dst-address=\    192.168.2.249 dst-port=5666 protocol=tcpadd action=accept chain=forward comment="rekois RDP - 3391" dst-address=\    192.168.2.249 dst-port=3389 protocol=tcpadd action=accept chain=forward comment="rekois SQL IIS Tabor - 9998" \    dst-address=192.168.2.249 dst-port=9998 protocol=tcpadd action=accept chain=forward comment="rekois SQL - 1433" dst-address=\    192.168.2.249 dst-port=1433 protocol=tcpadd action=accept chain=forward comment="rekovpn SSH - 1301" dst-address=\    192.168.2.248 dst-port=1300 protocol=tcpadd action=accept chain=forward comment="rekovpn NAGIOS - 5669" dst-address=\    192.168.2.248 dst-port=5666 protocol=tcpadd action=accept chain=forward comment="rekovpn OPENVPN - 1194" dst-address=\    192.168.2.248 dst-port=1194 protocol=udpadd action=accept chain=forward comment="rekovpn OPENVPN - 1194" dst-address=\    192.168.2.248 dst-port=1194 protocol=tcpadd action=accept chain=forward comment="rekovpn OPENVPN - test" disabled=yes \    dst-address=192.168.2.248 dst-port=443 protocol=tcpadd action=accept chain=forward comment="rekosmb SSH - 1302" dst-address=\    192.168.2.247 dst-port=1300 log-prefix=fw-1300-2.247- protocol=tcpadd action=accept chain=forward comment="rekosmb - 5670" dst-address=\    192.168.2.247 dst-port=5666 protocol=tcpadd action=accept chain=forward comment="rekounifi SSH - 1303" dst-address=\    192.168.2.246 dst-port=22 log-prefix=fw-1300-2.246- protocol=tcpadd action=accept chain=forward comment="w10 - 3392" dst-address=\    192.168.2.243 dst-port=3389 log=yes log-prefix=_3392f protocol=tcpadd action=drop chain=forward comment="VSE CO JE NAD POVOLENO, JINAK DROP" \    log=yesadd action=drop chain=forward comment=\    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \    connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment=masquerade dst-address-list="" \    ipsec-policy=out,none out-interface-list=WANadd action=dst-nat chain=dstnat comment="rekolin NAGIOS" dst-port=5666 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.251 to-ports=5666add action=dst-nat chain=dstnat comment="rekolin SSH" dst-port=1300 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.251 to-ports=1300add action=dst-nat chain=dstnat comment="rekoad NAGIOS" dst-port=5667 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.252 to-ports=5666add action=dst-nat chain=dstnat comment="rekoad RDP" dst-port=3390 \    in-interface=ether1-WAN log=yes log-prefix=_3390 protocol=tcp \    src-address-list=arit to-addresses=192.168.2.252 to-ports=3389add action=dst-nat chain=dstnat comment="rekois NAGIOS" dst-port=5668 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.249 to-ports=5666add action=dst-nat chain=dstnat comment="rekois RDP" dst-port=3391 \    in-interface=ether1-WAN log=yes log-prefix=_3391 protocol=tcp \    src-address-list=arit to-addresses=192.168.2.249 to-ports=3389add action=dst-nat chain=dstnat comment="rekois RDP" dst-port=3391 \    in-interface=ether1-WAN log=yes log-prefix=_3391 protocol=tcp \    src-address-list="IIS Tabor" to-addresses=192.168.2.249 to-ports=3389add action=dst-nat chain=dstnat comment="rekois SQL primo z IIS Tabor" \    dst-port=9998 in-interface=ether1-WAN log=yes log-prefix=_9998 protocol=\    tcp src-address-list="IIS Tabor" to-addresses=192.168.2.249 to-ports=1433add action=dst-nat chain=dstnat comment="rekois SQL primo z Aritu" dst-port=\    9998 in-interface=ether1-WAN log=yes log-prefix=_9998 protocol=tcp \    src-address-list=arit to-addresses=192.168.2.249 to-ports=1433add action=dst-nat chain=dstnat comment="rekois SQL primo z Aritu" dst-port=\    9999 in-interface=ether1-WAN log=yes log-prefix=_9999 protocol=tcp \    src-address-list=arit to-addresses=192.168.2.249 to-ports=1434add action=dst-nat chain=dstnat comment="rekovpn NAGIOS" dst-port=5669 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.248 to-ports=5666add action=dst-nat chain=dstnat comment="rekovpn SSH" dst-port=1301 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.248 to-ports=1300add action=dst-nat chain=dstnat comment="rekovpn OPENVPN" dst-port=1194 \    in-interface=ether1-WAN protocol=udp to-addresses=192.168.2.248 to-ports=\    1194add action=dst-nat chain=dstnat comment="rekovpn OPENVPN" dst-port=1194 \    in-interface=ether1-WAN protocol=tcp to-addresses=192.168.2.248 to-ports=\    1194add action=dst-nat chain=dstnat comment=\    "rekovpn OPENVPN - testovano pro vpn, kdyz je port blokovan" disabled=yes \    dst-port=443 in-interface=ether1-WAN protocol=tcp to-addresses=\    192.168.2.248 to-ports=1194add action=dst-nat chain=dstnat comment="rekosmb SSH" dst-port=1302 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.247 to-ports=1300add action=dst-nat chain=dstnat comment=rekosmb dst-port=5670 in-interface=\    ether1-WAN protocol=tcp src-address-list=arit to-addresses=192.168.2.247 \    to-ports=5666add action=dst-nat chain=dstnat comment="rekounifi SSH" dst-port=1303 \    in-interface=ether1-WAN protocol=tcp src-address-list=arit to-addresses=\    192.168.2.246 to-ports=22add action=dst-nat chain=dstnat comment="servisni w10" dst-port=3392 \    in-interface=ether1-WAN log=yes log-prefix=_3392 protocol=tcp \    src-address-list=arit to-addresses=192.168.2.243 to-ports=3389/ip routeadd distance=1 gateway=**ELIDED**/ip serviceset ftp disabled=yesset www disabled=yesset ssh port=1313set api disabled=yesset api-ssl disabled=yes/lcdset backlight-timeout=5m default-screen=stats read-only-mode=yes/lcd interfaceadd interface=bridge-LAN/snmpset enabled=yes trap-community=arit/system clockset time-zone-name=Europe/Prague/system identityset name=Reko-GW/system ntp clientset enabled=yes primary-ntp=195.113.144.201/system scheduleradd interval=4w2d name=schedule1 on-event=backup_script.rc policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \    start-date=dec/01/2021 start-time=15:13:23/system scriptadd dont-require-permissions=no name=backup_script.rc owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\    local months (\"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\"au\    g\",\"sep\",\"oct\",\"nov\",\"dec\");:local date [/system clock get date];\    :local dd [:pick \$date 4 6];:local month [:pick \$date 0 3];:local yy [:p\    ick \$date 9 11];:local mm ([ :find \$months \$month -1 ] + 1);/export hid\    e-sensitive compact file=(\"backup/zaloha-\".[/system identity get name].\    \"-\".\$yy.\$mm.\$dd); /export hide-sensitive compact file=(\"/backup/zalo\    ha-aktualni\"); /system backup save name=zaloha-aktualni"/tool graphing interfaceadd/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN